I am a designer and developer and content strategist. I use my experience as a magazine art director and web editor to help publishers, marketers, non-profits and self-branded individuals tell their stories in words and images. I follow all of the technologies that relate to the content business and try to identify the opportunities and pitfalls that these technologies pose. At the same time I am immersed in certain sectors through my content practice and am always looking to find connections between the worlds of neurology, economics, entertainment, travel and mobile technology. I live near the appropriately-scaled metropolis of Portland, Maine, and participate in its innovation economy (more stories at liveworkportland.org. A more complete bio and samples of my design work live at wingandko.com.

Is Kim Dotcom's MEGA Just For Pirates, Or Do We All Need A Privacy Company?

Kim Dotcom’s new MEGA encrypted file storage and sharing service launched today at mega.co.nz. The initial traffic is strong. Dotcom reported in a tweet two hours after launch, “250,000 user registrations. Server capacity on maximum load. Should get better when initial frenzy is over. Wow!!!”

Given his previous enterprise, MegaUpload, it would be easy to characterize MEGA as the latest haven of piracy, but Dotcom is spinning it differently. He has branded MEGA as “The Privacy Company.” This is yet another shrewd chess move on his part. The opening move, as I described in this morning’s post, “is that all files [on MEGA] are encrypted using a 2048-bit RSA key.… What this means effectively is that Dotcom cannot be accused of knowingly storing copyrighted materials because he cannot technically know the content of the files stored on MEGA—only the user who uploaded the files and/or possesses the key can.”

After invoking Universal Declaration of Human Rights, Article 12 (an injunction against “arbitrary interference with his privacy, family, home or correspondence.”), MEGA’s site copy describes User Controlled Encryption, or UCE. Unlike Dropbox or the other big file storage services, MEGA uses “symmetrical encryption” where the user holds both the encryption and decryption keys. This is “unlike the industry norm where the cloud storage provider holds the decryption key.”

This distinction is what enables file storage services to decrypt and hand over data to government authorities under subpoena. With MEGA, this can’t happen, because it does not retain the decryption keys. So it doesn’t know what you are storing on its servers and it can’t find out. Is this a checkmate from the legal standpoint? Not so fast.

The whole system can still be undone by its users, who have the power to share their files and the encryption keys to those files as they choose. Even though the terms of service strictly forbid uploading and distributing copyrighted material, users routinely ignore TOS—especially for a site whose lineage involves infringement on a massive scale. If users are sloppy with their links and post them to public sites that index pirated material, MEGA could face clear external evidence of what is on its servers—even if it cannot see the files itself.

From the point of view of copyright holders, though, the necessity to use an encryption key does act as valuable friction against a file being shared too freely. In practice, it becomes more like a friend passing along a DVD to another friend than like making a file available simultaneously to the entire internet.

But, piracy issues aside, there is something appealing about the privacy pitch. With it becoming increasingly clear how Google and Facebook are mining user data—including emails, calendars, physical location and other personal information—the idea of having a place to store your data (and soon “Integrated on-site applications,” like a calendar, word processor and spreadsheet) that cannot be Hoovered is seeming increasingly necessary—even if you have nothing to hide.

Maybe all of the privacy talk is a smoke screen for piracy as usual, and maybe MEGA will not really be a viable “privacy platform,” but if not MEGA, then who? As useful as it can be (in some circumstances) for your experience of the web to be personalized for you through unobtrusive surveillance, more and more of us are going to want a bit more control. You don’t have to opt out completely from Facebook or Google’s ecosystems in order to decide to conduct some of your personal business truly in private.

So the question remains, is MEGA just for pirates? Or for privacy nuts? Or for everyone?

Post Your Comment

Post Your Reply

Forbes writers have the ability to call out member comments they find particularly interesting. Called-out comments are highlighted across the Forbes network. You'll be notified if your comment is called out.

Just watched the press conference where Mega was launched; Seems like a very viable service. 50GB of storage is impressive.

One point brought up was when old servers in datacenters are upgraded, they are frequently sold without proper wiping, or whatnot. The process to wipe a hard drive, so the data is not recovered, takes 4+ hours. With free services, the manpower was often not available.

This was an issue at Microsoft. Ultimately, instead of wiping or re-using the drives, they were run through a large shredder.

I bought a computer at a company bankruptcy auction, and when I recieved it, it had a ton of files and data on it. It took a while to wipe the drive clean, but you cant blame anyone for the company going bankrupt!

Kim Still makes good points- the US Government certainly buys a lot of data, particularily from telecom companies. During the Bush Administration, then-CEO of AT&T was placed on a task force, for national security threats.

Encrypting data puts users in control, and there’s not really a reason to collect and sell data to the US Government anymore now that Osama was captured by the current administration. My guess however, is that until the patriot act is put out to pasture, and not renewed again, companies will still see a legal obligation to collect and store data.

Also, if I remember correctly, Kim Dotcom was prosecuted by the LA office of the FBI. If you’ve ever been there, it’s surrounded by legal offices of movie studios and entertainment companies. It’s probably pretty likely they rub elbows pretty often, even at a local watering hole nearby when off the clock.

Kim said in the video that a few weeks prior to the raid of his company, his company was approaching movie studios to create a content locker, and allow people to watch content legitimately in exchange for ads. They couldn’t seem to schedule any meetings with movie studios, even though they planned to be in California a few weeks after they were raided.

Kim chuckled and said (paraphrased) “They could have waited a week, and picked us up at LA Airport, but they decided to grandstand, and invade my home in New Zealand instead!”

“The whole system can still be undone by its users, who have the power to share their files and the encryption keys to those files as they choose.”

What blarney. The “whole system” cannot be undone by sharing the encryption keys to your files no more so than everyone’s house can be “undone” by giving your house keys to someone else. Sharing your encryption keys only allows access to your files, not the whole systems files. Total blather.

“If users are sloppy with their links and post them to public sites that index pirated material, MEGA could face clear external evidence of what is on its servers—even if it cannot see the files itself.”

I don’t think you get his point, what he’s saying is that if a user uploads a movie for example on the new service and then posts the link + the key on a popular pirate site, the feds can use that as a clear evidence that MEGA has illegal uploaded material on it’s servers and thus rendering the encryption system as useless.

Proof of total privacy concept. Google, Facebook, Amazon et al have privacy policies that are really ways for you to share keys to your stuff on the iCloud, g+Cloud, fCloud. Why not engineer open Privacy APIs for selective release of ‘private-info’ after rigorously defining ‘private’.

How is this any different from Dropbox and Google Drive in facilitating the spread of copyrighted files? You say it may be a smoke screen for piracy but why not accuse those other services as doing the same. This article is biased.

I think the initial reaction to Mega will be short-lived (IMHO) because “key sharing” is an inconvenience. Now users of Mega need a convenient, yet secure, method of sharing their Mega decryption key(s). This means yet another account and another service that “friends” need to access. I launched a “privacy” site in 2009 and still support it today, but most people don’t want to deal with logging into another account (other than their email or FB) just to protect their privacy. Privacy sites may notice additional traffic because of the Mega phenomena. You can find several by searching “private secure encrypted”.

Its an interesting dilemma, If Human Rights Article 12 and its often misinterpreted American 1st amendment mean that you can have total privacy with Encryption and decryption rights then ‘Free’ sic governments will have to go look at their constitutions and coming on the same time as the tragic death of Aaron the Magnificent, which seems to prove justice systems do what they like regardless of the constitution. @.com has done us a favor by bringing this into the light.

Well, you see the real question here is whether he will be able to beat the copyright monopoly. This is his eventual intention. Hopefully he will be successful. That leaves the broken patent system to be reformed. How will that one go down? If Kim is not able to break the copyright monopoly, the internet will go “dark,” with nearly all traffic encrypted. That will leave the MPAA et al only a few options: ban encrypted traffic, limit everyone’s bandwidth, or offer a legal service with the features which consumers want. Remember, we HAVE the services we want. We just don’t have them legally. But most of us would be happy to pay $30 a month for a subscription to unrestricted media (and I mean ALL media, currently and historically).

I’m not a legal expert, but the college I teach at would not allow us to use services such as dropbox, as they felt it was a FERPA violation. Is this the first public service that does not violate HIPAA and FERPA?

the actual “piracy”, of course, is committed by the corporate copyright holders who use it as funding for their own personal welfare state. However, as file sharers, being in the moral right doesn’t stop the copyright thugs from sending round the boys to break your legs (figuratively speaking). So, it’s entirely reasonable to do whatever needs to be done to circumvent their dull thuggery.

It being the case that whoever owns the government, wins, then it’s likely that all sorts of legal and illegal shenanigans and chicanery will be undertaken to take down Mega and victimize users. And, eventually, they will win. But meanwhile things will have moved on, and they’ll have to learn to be apoplectic with righteous rage about some other method that people are using to communicate with each other without corporate oversight.

At some point or other the whole rotten, parasitic structure will come crumbling down. Sooner than later, lets hope 8-)

just for the record, the “piracy” is committed by the corporate copyright holders who use it as their own personal welfare state. Of course, even though filesharers are in the moral right, it doesn’t stop the copyright holders from sending round the law-thugs to break legs. So people will do what they need to do to communicate in whatever way they will.

It’s the neverending circle of life: People will communicate. Some authority or other will be outraged that this is occurring in private beyond their control and take steps to put a stop to it. People will then find ways to circumvent the inflicted damage to communication.

It’s inevitable that Mega will be stopped. Legal and illegal shenanigans and political chicanery will be used to cripple this public service. But, it won’t matter in the long run. It’s predictable routine now. By the time Mega is crippled, there will be alternative that don’t have the weaknesses that allowed Mega to be crippled.

It’s a pity deadbeat parasitic organizations don’t just crawl away and die and leave the rest of us to get on with communicating in peace.

The way I see it, the combination of both seems more like it will enable pirate hubs that are just more restrictive (kind of like how the fictional pirates of PotC had Tortuga and Shipwreck Cove). You’ll get access provided you’re part of the crew or something.

My understanding could be flawed though. One poster here noted that information can still made publicly accessible enough even if MEGA itself has no clue about the actual contents.

It gets more confusing upon further reflection. Once access has grown public enough, won’t MEGA catch wind of it and just use the shared information for itself? Maybe I’m missing something…

This is a stupidly easy concept…u could just use the username as the key decypher…forget making it to complicated -> especially since all ur trying to do is bypass legislation….that’s funny in itself – our legal system is just a checker board…so many ways around whatever it is they try to regulate!!